即使在Springboot应用程序的过滤器中指定了Access-Control-Allow-Origin标头后,也无法控制跨源请求
我在项目中添加了以下过滤器代码-
package com.package;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
@Component
//@Slf4j
public class CORSFilter implements Filter {
private static final Logger logger = LoggerFactory.getLogger(CORSFilter.class);
@Override
public void destroy() {
// Nothing to do
}
// @Autowired
// private SecureFrontEndConfiguration secureFrontEndConfiguration;
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
logger.error("Passing through Cors filter");
HttpServletResponse res = (HttpServletResponse) response;
res.setHeader("Access-Control-Allow-Origin", "https://some-domain-from-which-I-am-not-calling.com");
res.addHeader("Access-Control-Allow-Credentials", "true");
}
@Override
public void init(FilterConfig arg0) throws ServletException {
// Nothing to do
}
}
我通过点击API验证了这两个标头出现在响应标头中-
但是,当我将其托管在一个域上并从另一个域托管的应用程序调用时(不是我上面针对标头提到的那个域),我仍然可以获得成功的响应-
2020-06-05 16:47:21,754 259299 [XNIO-3 task-1] INFO [TokenService.java:57] - API : service/v2/api property api : <user roles>;
2020-06-05 16:47:21,787 259332 [XNIO-3 task-1] INFO [SomeAuthTokenService.java:50] - Client-Id : <clientid> ,client secret : <secret> , url : https://user management/oauth/tok
en
2020-06-05 16:47:23,519 261064 [XNIO-3 task-1] INFO [DaoCacheFactory.java:70] - Inside getDaoForWrite returning dao [com.CacheRepository@77019376] for class interface com.CacheDao
2020-06-05 16:47:23,519 261064 [XNIO-3 task-1] INFO [CacheRepository.java:36] - Inside create() for uuid <User ID>
2020-06-05 16:47:23,520 261065 [XNIO-3 task-1] INFO [CacheRepository.java:187] - Inside get() for uuid <User ID>
2020-06-05 16:47:23,545 261090 [XNIO-3 task-1] INFO [RedisDAOImpl.java:238] - Response from redis for hmset: OK
2020-06-05 16:47:23,549 261094 [XNIO-3 task-1] INFO [RedisDAOImpl.java:238] - Response from redis for hmset: OK
2020-06-05 16:47:23,552 261097 [XNIO-3 task-1] INFO [RedisDAOImpl.java:238] - Response from redis for hmset: OK
2020-06-05 16:47:23,552 261097 [XNIO-3 task-1] INFO [CacheService.java:121] - Cached profile for user <User ID>
2020-06-05 16:47:23,570 261115 [XNIO-3 task-1] INFO [CORSFilter.java:40] - Passing through Cors filter
2020-06-05 16:47:25,615 263160 [XNIO-3 task-1] WARN [Errors.java:191] - The following warnings have been detected: HINT: A HTTP GET method, public void com.LendMoneyScheduledService.execute
() throws com.LendNotFoundException, returns a void type. It can be intentional and perfectly fine, but it is a little uncommon that GET method returns always "204 No Content".
2020-06-05 16:47:25,670 263215 [XNIO-3 task-1] INFO [LoggingFilter.java:155] - 1 * Server has received a request on thread XNIO-3 task-1
1 > GET http://<API domain>/service/v2/api
1 > Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
1 > Accept-Encoding: gzip
1 > Authorization: Bearer <token>
1 > Cache-Control: no-cache
1 > Connection: close
1 > Content-Type: application/x-www-form-urlencoded; charset=UTF-8
1 > Host: <API domain>
1 > Pragma: no-cache
1 > User-Agent: Java/1.7.0_79
1 > X-Forwarded-For: <IP - source server from which API call is made>, <some other IP>, <yet another IP>, <yet another IP>
1 > X-Forwarded-Host: <API domain>
1 > X-Forwarded-Port: 443
1 > X-Forwarded-Proto: https
1 > X-Forwarded-Server: <API domain>
2020-06-05 16:47:25,732 263277 [XNIO-3 task-1] INFO [Service.java:137] - Geting balance for customer : <User ID>
2020-06-05 16:47:26,149 263694 [XNIO-3 task-1] INFO [Service.java:139] - Available balance for customer : <User ID> is : amount value : 2180.10 currency : INR
2020-06-05 16:47:26,196 263741 [XNIO-3 task-1] INFO [LoggingFilter.java:155] - 1 * Server responded with a response on thread XNIO-3 task-1
1 < 200
1 < Content-Type: application/json
(在进行更改之前)较早完成响应-
2020-06-05 16:14:28,883 1492564 [XNIO-3 task-9] INFO [TokenService.java:57] - API : service/v2/api property api : <User roles>;
2020-06-05 16:14:30,028 1493709 [XNIO-3 task-9] INFO [DaoCacheFactory.java:70] - Inside getDaoForWrite returning dao [com.CacheRepository@11c48119] for class interface com.cCacheDao
2020-06-05 16:14:30,028 1493709 [XNIO-3 task-9] INFO [CacheRepository.java:36] - Inside create() for uuid <User ID>
2020-06-05 16:14:30,028 1493709 [XNIO-3 task-9] INFO [CacheRepository.java:187] - Inside get() for uuid <User ID>
2020-06-05 16:14:30,034 1493715 [XNIO-3 task-9] INFO [RedisDAOImpl.java:238] - Response from redis for hmset: OK
2020-06-05 16:14:30,036 1493717 [XNIO-3 task-9] INFO [RedisDAOImpl.java:238] - Response from redis for hmset: OK
2020-06-05 16:14:30,037 1493718 [XNIO-3 task-9] INFO [RedisDAOImpl.java:238] - Response from redis for hmset: OK
2020-06-05 16:14:30,039 1493720 [XNIO-3 task-9] INFO [CacheService.java:121] - Cached profile for user <User ID>
2020-06-05 16:14:30,043 1493724 [XNIO-3 task-9] INFO [LoggingFilter.java:155] - 9 * Server has received a request on thread XNIO-3 task-9
9 > GET http://<API domain>/service/v2/api
9 > Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
9 > Accept-Encoding: gzip
9 > Authorization: Bearer <token>
9 > Cache-Control: no-cache
9 > Connection: close
9 > Content-Type: application/x-www-form-urlencoded; charset=UTF-8
9 > Host: <API domain>
9 > Pragma: no-cache
9 > User-Agent: Java/1.7.0_79
9 > X-Forwarded-For: <IP - source server from which API call is made>, <some other IP>, <yet another IP>, <yet another IP>
9 > X-Forwarded-Host: <API domain>
9 > X-Forwarded-Port: 443
9 > X-Forwarded-Proto: https
9 > X-Forwarded-Server: <API domain>
1 个答案:
答案 0 :(得分:0)
在没有过滤器的情况下尝试使用此配置类,
@Configuration
public class WebConfig implements WebMvcConfigurer {
/**
* This method will enable CORS
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*")
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
.allowedHeaders("Content-Type", "Authorization", "cache-control").exposedHeaders("Authorization", "UserID")
.allowCredentials(true).maxAge(3600);
}
}
相关问题
- Access-Control-Allow-Origin标头如何工作?
- 访问控制允许来源
- ajax请求'访问控制允许来源'
- 请求标题字段Access-Control-Allow-Origin
- 跨域请求被阻止:&amp;原因:缺少CORS标题“Access-Control-Allow-Origin”
- Yii2 Cors Filter - 随机丢失'Access-Control-Allow-Origin'标题
- No&#39; Access-Control-Allow-Origin&#39; header - Springboot
- Azure否'Access-Control-Allow-Origin'标头
- 即使在Springboot应用程序的过滤器中指定了Access-Control-Allow-Origin标头后,也无法控制跨源请求
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?